package com.baipiao.permission.backend.controller.sys;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import com.baipiao.permission.backend.entity.response.Res;
import com.baipiao.permission.backend.entity.response.ResData;

/**
 * @author Livi Luo
 */


@RestController
@Tag(name = "权限测试接口", description = "测试拥有不同权限可以访问的api。 " +
        " - root拥有系统所有权限。" +
        " - admin<read,update,insert,update>。" +
        " - user<read,update>。" +
        " - guest<read>。" +
        " - test没有权限。")
@RequestMapping("/permission")
public class PermissionTestController {

    @Operation(summary = "无需权限")
    @RequestMapping(value = "noPermission", method = RequestMethod.GET)
    public Res noPermission() {
        return ResData.success("no permission");
    }

    @PreAuthorize("hasRole('root')||hasAuthority('sys.user.read')")
    @Operation(summary = "查看用户，权限标识 - sys.user.read")
    @RequestMapping(value = "read", method = RequestMethod.GET)
    public Res read() {
        return ResData.success("查看用户");
    }

    @PreAuthorize("hasRole('root')||hasAuthority('sys.user.update')")
    @Operation(summary = "修改用户，权限标识 - sys.user.update")
    @RequestMapping(value = "update", method = RequestMethod.GET)
    public Res update() {
        return ResData.success("修改用户");
    }

    @PreAuthorize("hasRole('root')||hasAuthority('sys.user.insert')")
    @Operation(summary = "新增用户，权限标识 - sys.user.insert")
    @RequestMapping(value = "insert", method = RequestMethod.GET)
    public Res insert() {
        return ResData.success("新增用户");
    }

    @PreAuthorize("hasRole('root')||hasAuthority('sys.user.delete')")
    @Operation(summary = "删除用户，权限标识 - sys.user.delete")
    @RequestMapping(value = "delete", method = RequestMethod.GET)
    public Res delete() {
        return ResData.success("删除用户");
    }

}
